The 2009 Privacy and Security Conference is over for another year. As usual I was entreated to some interesting new ideas, issues and solutions.
But this year I’m conscious of the number of times that I left the session with a feeling that the speaker had been cut-off or missed delivering their conclusion. It wasn’t that the presenters were weak (they weren’t) but rather that many sessions ended with unanswered questions. Such is the state of privacy and security in 2009 I suppose…
A random sampling includes:
- How will IdM and access be effectively implemented in our hospitals and clinics? The physicians see authentication as an obstacle to delivering health services, yet health delivery organizations must have appropriate controls in place. The CIO for Vancouver Island Health Authority had the problem well defined but didn’t give us insight as to what solutions she saw as promising.
- When, if ever, will the US introduce effective Federal privacy legislation? This conference has a fair number of US-based speakers and each one tells an American story prefaced by ‘up here in Canada, this is less a concern because of your privacy laws’.
- Can government ever leverage Cloud Computing, or will data control always limit its ability to leverage the Cloud? Nicholas Carr didn’t answer this question for us, and — given this was a public sector conference — I think most of us are skeptical that the Cloud will ever meet government needs.
- What is the ‘killer use case’ for user-centric IdM? Stefan Brands was technically very good in his presentation, but too often user-centric IdM is focused on the model and technology. We get the technology now — but what are we going to use it for beyond low-value SSO? (This topic is certainly fodder for future posts on this blog.)
Despite these loose-ends, I enjoyed this conference again this year — it was good to meet new people, kibitz with a few clients and enjoy the spring-like maritime weather. I’m sure to be back in 2010.